#include "enter_st.h"
#include "ui_enter_st.h"
#include<QSqlQuery>

// Builds the student login widget and instantiates its generated form object.
Enter_st::Enter_st(QWidget *parent)
    : QWidget{parent}
    , ui{new Ui::Enter_st}
{
    // Populate this widget with the controls described by the form class.
    ui->setupUi(this);
}

// Frees the form object that the constructor allocated with new.
Enter_st::~Enter_st()
{
    delete ui;
}

// Return to the initial menu screen.
void Enter_st::on_return_2_clicked()
{
    // Index 0 is handed to whatever slot is connected to display().
    Q_EMIT display(0);
}

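// Student login button handler.
// Reads the student id and password from the login form, looks the pair up in
// the `st` table and, on a match, opens the student window filled with the
// name, sex and year columns of the matching row. On no match (or a failed
// query) an error message is shown in the tip label instead.
void Enter_st::on_enter_clicked()
{
    const QString id=ui->line1->text();
    const QString pwd=ui->line2->text();

    // Both values come straight from the form, so they are bound as
    // parameters instead of being formatted into the SQL text. With
    // QString::arg() the field contents became part of the statement itself
    // (SQL injection); with bound parameters they are only ever treated as data.
    QSqlQuery query;
    query.prepare("select id,password,name,sex,year "
                  "from st where id=:id and password=:pwd");
    query.bindValue(":id",id);
    query.bindValue(":pwd",pwd);

    // The statement is deliberately not written to the debug log any more:
    // the formatted string contained the password the user typed.
    //
    // NOTE(review): the submitted password is compared directly with the
    // `password` column, which suggests passwords are stored unhashed -
    // confirm against the schema and move to a salted password hash that is
    // verified in application code.

    // A failed exec() and an empty result set are reported the same way, so
    // the form does not reveal which of the two happened.
    if(!query.exec() || !query.next()){
        ui->tip->setText("学号或密码错误！");
        return;
    }

    // Column order follows the select list: 2 = name, 3 = sex, 4 = year.
    const QString name=query.value(2).toString();
    const QString sex=query.value(3).toString();
    const QString year=query.value(4).toString();

    // NOTE(review): a new ST is allocated on every successful login and the
    // previous pointer is overwritten; presumably the old window is only
    // released through its parent (this) - confirm.
    st=new ST(this);
    st->setWindowTitle("学生界面");
    st->show();

    st->ui->tip->setText(name);
    st->ui->label_4->setText(id);
    st->ui->label_5->setText(sex);
    st->ui->label_6->setText(year);
}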
